Wireshark mailing list archives
Decrypting a PCAP of DES 64 Encrypted Telnet Traffic
From: "joseph () whyjoseph com" <joseph () whyjoseph com>
Date: Tue, 24 Apr 2012 17:19:05 -0500 (CDT)
I am trying my hand at the latest HoneyNet Challenge: http://www.honeynet.org/node/829

It requires an analysis of a PCAP file. The traffic appears to be telnet, but encrypted using DES. I am assuming based on my searching so far using this RFC Draft: http://tools.ietf.org/html/draft-tso-telnet-enc-des-cfb-03

It reads in the draft that the IV is sent in the clear. Looking into the PCAP, I do not see the actual command mentioned in the RFC, "CFB64_IV". So I am wondering if Wireshark has a way for me to extract that IV and use it to decrypt the remaining traffic via a replay.

Any feedback is appreciated.
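The suboption the post is looking for can be located by scanning the raw Telnet bytes for `IAC SB ENCRYPT IS DES_CFB64 CFB64_IV`. The following is an added example, not part of the original post; it assumes one direction of the TCP stream has already been exported as bytes, uses the option codes from RFC 2946 and RFC 2952, and its function names and the sample bytes are constructed for illustration.

```python
# Added example: find the cleartext CFB64_IV suboption in a Telnet byte stream.
# Codes are from RFC 2946 (ENCRYPT option) and RFC 2952 (DES 64-bit CFB).
IAC, SB, SE = 0xFF, 0xFA, 0xF0
ENCRYPT = 38      # Telnet ENCRYPT option
IS = 0            # ENCRYPT subcommand carrying type-specific data
DES_CFB64 = 1     # encryption type
CFB64_IV = 1      # DES_CFB64 suboption that carries the 8-byte IV

# Constructed sample: IAC DO ENCRYPT, an IS/CFB64_IV suboption whose IV
# contains an escaped 0xFF byte, then the peer's REPLY/CFB64_IV_OK.
SAMPLE = bytes.fromhex(
    "fffd26"
    "fffa26 00 01 01 012345ffff89abcdef fff0"
    "fffa26 02 01 02 fff0"
)


def encrypt_suboptions(stream: bytes):
    """Yield (subcommand, enc_type, payload) per IAC SB ENCRYPT ... IAC SE."""
    i = 0
    while i < len(stream) - 2:
        if stream[i] == IAC and stream[i + 1] == IAC:
            i += 2                      # escaped 0xFF data byte, not a command
            continue
        if stream[i] != IAC or stream[i + 1] != SB or stream[i + 2] != ENCRYPT:
            i += 1
            continue
        body, j = bytearray(), i + 3
        while j < len(stream) - 1:
            if stream[j] == IAC and stream[j + 1] == SE:
                break
            if stream[j] == IAC and stream[j + 1] == IAC:
                j += 1                  # IAC IAC in a suboption is one 0xFF
            body.append(stream[j])
            j += 1
        else:
            return                      # truncated capture: no closing IAC SE
        if len(body) >= 2:
            yield body[0], body[1], bytes(body[2:])
        i = j + 2


def find_cfb64_ivs(stream: bytes):
    """Return every 8-byte IV sent as ENCRYPT IS DES_CFB64 CFB64_IV."""
    return [
        payload[1:]
        for cmd, enc_type, payload in encrypt_suboptions(stream)
        if cmd == IS and enc_type == DES_CFB64
        and len(payload) == 9 and payload[0] == CFB64_IV
    ]
```

The IV is only one input: per RFC 2952 the DES key comes from the Telnet authentication exchange, so recovering the IV does not by itself decrypt the session.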